const jwt = require('jsonwebtoken');
const User = require('../models/User');

exports.protect = async (req, res, next) => {
    try {
        let token;

        // 从请求头获取token
        if (req.headers.authorization && req.headers.authorization.startsWith('Bearer')) {
            token = req.headers.authorization.split(' ')[1];
        }

        if (!token) {
            return res.status(401).json({
                success: false,
                message: '请先登录'
            });
        }

        try {
            // 验证token
            const decoded = jwt.verify(token, process.env.JWT_SECRET);

            // 检查用户是否存在
            const user = await User.findById(decoded.id);
            if (!user) {
                return res.status(401).json({
                    success: false,
                    message: '用户不存在'
                });
            }

            // 将用户信息添加到请求对象
            req.user = user;
            next();
        } catch (error) {
            return res.status(401).json({
                success: false,
                message: '无效的token'
            });
        }
    } catch (error) {
        next(error);
    }
};

// 检查用户角色
exports.authorize = (...roles) => {
    return (req, res, next) => {
        if (!roles.includes(req.user.role)) {
            return res.status(403).json({
                success: false,
                message: '无权访问此资源'
            });
        }
        next();
    };
};
